WiFi newbie

[Gonz]

I've been recruited to setup wireless for a family member. Since my wireless is set to OFF, I'm going in blind.

Any DO NOT DO suggestions?
How about DO THIS AT ALL COSTS?

I found this

1. Password protect the access to your router’s internal configuration

To access your router’s internal setup, open a browser and enter the routers setup URL. The URL will be specified in the manual. The URLs for D-Link and Linksys routers, two major manufacturers of wireless routers, are http://192.168.0.1 and http://192.168.1.1, respectively.

For Linksys routers, leave the user name blank and type “admin” (without the quotes) in the password field and press enter. To change the password, simply click on the Password tab and enter your new password.

For other routers, please consult your manual. Alternately, you can search on the Internet with the term “default login for ”. Don’t be surprised to find quite a number of pages listing default login parameters for many different routers, even uncommon ones.

2. Change the default SSID (Service Set IDentifier)

The SSID is the name of a WLAN (Wireless Local Area Network). All wireless devices on a WLAN use SSIDs to communicate with each other.

Routers ship with standard default SSIDs. For example, the default SSID for Linksys routers is, not unsurprisingly, “Linksys”. As you can see, if you don’t change the default SSID of your router a would-be intruder armed with a few common SSIDs from major manufacturers will be able to find your wireless network quite easily.

To change the SSID, click on the Wireless tab. Look for an input item labeled SSID. It will be near the top. Enter a new name for network. Don’t use something like “My Network”. Use a name that is be hard to guess.

3. Disable SSID broadcast

Wireless enabled computers use network discovery software to automatically search for nearby SSIDs. Some of the more advanced software will query the SSIDs of nearby networks and even display their names. Therefore, changing the network name only helps partially to secure your network. To prevent your network name from being discovered, you must disable SSID broadcast.

which seems to give some leads.

 

[valkyrie]

All that seems correct.

On the computer(s), you will need to setup a wireless connection. I suggest that you turn off file sharing on the computer if these are notebooks that go to other places and hook-up there.

Are you going to use encryption on the wireless router?

 

[chcr]

If you're going to use DCHP (and if you don't you'll answer questions all the time) don't use the default IPs (typically 192.168.0.1 for the router and 192.168.0.x for all the assigned ones). You can set the router's IP and it should assign the rest. What you have is good advice.

 

[Gonz]

I belive it's one desktop & one or two laptops. I'll probably keep the desktop hardwired. Both laptops are for work & home,

I'd prefer encryptrion. I want these folks to have a nice lovely wifi experience while making sure the neighbors have to pay for their own.

 

[chcr]

I figure encryption goes without saying. Make sure the laptop users know how to change settings though. They don't want to be using the same settings at work and at home. Honestly, mine at home (and the one at work for that matter) has manually assigned IPs and only certain MAC addresses are allowed to see it.

 

[valkyrie]

We've got WiFi up at the cabin, unencrypted and open, because we're way out of range for anyone snooping. We live way out in the country, so there's no reason to lock it down.

However, you are right to lock down your WiFi so passerbys and neighbors can't get free WiFi. It's not that I'm against the free WiFi, but it's the malicious jackasses that you have to be warry of.

 

[chcr]

I'm a good 1/4 mile or more from the nearest neighbors which is probably far enough to be safe. OTOH, my paranoia is almost legendary.

Edit: as an aside though, you can see four networks from work, not counting ours. Withough the correct settings you can't see our private network. We have a public one for visitors and people waiting for their cars.

 

[Gonz]

only certain MAC addresses are allowed to see it.

That is gonna be one of the first things I do. Two laptops of specific MAC addresses & that's it.

 

[Gonz]

A better part of 6 hours.

The router was set up quickly & easily. The wired computer was zero hassle (new IP, SSID, WEP 128 & custom key). The laptop wouldn't connect at all. It found all the neighborhood networks (only 1/7 was not secure) It wouldn't connect wired either. After hours of this, that & the other, it's all up & (hopefully) secure.

What a PITA.

 

[chcr]

I've set up seven so far and not one has gone according to plan. Glad it's not just me.

 

[Gonz]

It kept telling me that the hardware wasn't connected. That would be the same hardware that's finding all the networks?

 

[Nixy]

Man, I had NO problem when I got my wireless router...we plugged it into my brother's desktop, set up the encryption, I plugged in the wireless card, entered the encryption and VOILA

 

[Inkara1]

Gonz... consider it karma biting you in the ass for all those times you've posted your FiOS download speed numbers.

 

[Gonz]

What ever do you mean?

Download Speed: 15696 kbps (1962 KB/sec transfer rate)
Upload Speed: 1613 kbps (201.6 KB/sec transfer rate)

 

[Inkara1]

*grumble grumble*

Download Speed: 4809 kbps (601.1 KB/sec transfer rate)
Upload Speed: 490 kbps (61.3 KB/sec transfer rate)

 

[chcr]

Man, I had NO problem when I got my wireless router...we plugged it into my brother's desktop, set up the encryption, I plugged in the wireless card, entered the encryption and VOILA

Well... if you accept all the defaults, yeah...

 

[chcr]

It kept telling me that the hardware wasn't connected. That would be the same hardware that's finding all the networks?

I talk to the hardware myself. Well, curse at it anyway.

 

[Luis G]

MAC filtering has no point, since anyone who knows how to crack the encryption might as well just spoof the MAC.

Hiding the SSID has not much point either. It just makes life more complicated to valid users, since one hacking into your net can know easily what your SSID is.

My recommendation is to only encrypt it using WPA or WPA2. Just make sure to use a passphrase of at least 32 characters.

 

[Inkara1]

I just have the basic enctyption turned on with mine... l337 hackers would be able to get by the strongest stuff as easily as the basic, but the basic keeps the neighborhood riff-raff out at least.

 

[Luis G]

I just have the basic enctyption turned on with mine... l337 hackers would be able to get by the strongest stuff as easily as the basic, but the basic keeps the neighborhood riff-raff out at least.

Actually I've met a few that weren't 1337 hackers that cracked WEP networks just by reading a tutorial and downloading some programs.

WPA is not easy to crack, even for 1337 hackers.